Webinar ‘Awareness Training’
Posted on: 26 September 2024
Sign up for our webinar on Tuesday 12 November at 09:30 by filling in the form on this page.
Do you have questions? Email info@opensight.nl or call 085 – 303 10 10.
“We guide you to a safe tomorrow”
~ Marcel Krommenhoek
Tuesday 12 November at 09:30
Awareness Training
What will we be talking about?
The importance of vigilance among employees is often underestimated. But did you know that 95% of all cyber attacks on businesses start with the inattention and lack of knowledge of the company’s employees? In the webinar we explain what an Awareness Training is, what a training involves and why it is so incredibly important.
So sign up right away and prepare yourself and your employees well, so that you can prevent cyber attacks.

The future of information security: why Zero Trust and AI are now essential
Posted on: 19 September 2024
The way we work and do business is changing rapidly. Cloud computing, SaaS solutions, and remote work have become the norm. This has given companies a great deal of flexibility, but it has also introduced new challenges in cybersecurity. Traditional security models, which relied on the idea of a secure perimeter (such as the ‘castle and moat’ model), are no longer adequate in this new world. They simply weren’t designed for today’s distributed IT environments.
Why Zero Trust?
Imagine a company operating like a medieval fortress: thick walls, drawbridges, and watchtowers to keep intruders out. This worked well when all employees worked within the castle walls, with their applications and data safely behind those walls. But now that everyone works from various locations, those walls have essentially become useless. We don’t need a fortress anymore; we need an entirely new way of thinking. This is where Zero Trust comes into play.
What makes Zero Trust so powerful?
- Never trust, always verify: Zero Trust is centered around the principle that no one is automatically trusted. Whether someone is inside or outside the network, their access is continuously monitored. This marks a radical shift from the old model, where everyone inside the fortress was considered ‘safe’.
- Protection against lateral movement: One of the biggest threats today is attackers’ ability to move laterally within a network once they’ve gained access. Zero Trust prevents this by granting users access only to specific applications, rather than the entire network.
- Improved user experience: Unlike traditional methods, where traffic was routed back to a data center (causing delays), Zero Trust enhances performance by directing users straight to the apps they need.

The role of AI in modern security?
When it comes to cybersecurity, AI is often the secret ingredient that enhances everything. We live in an era where cyber threats are becoming increasingly sophisticated and persistent. The days when a simple firewall was enough are long gone. AI allows us to approach security in an entirely new way.
How AI helps us
- Real-time threat detection: AI can analyze vast amounts of data in the blink of an eye and recognize patterns that indicate potential threats. This allows for the identification of attacks before they cause damage.
- Security automation: AI enables the automation of routine tasks, such as scanning files and monitoring traffic. This allows security teams to focus on the truly critical issues.
- Intelligent decision-making: AI helps in making better, data-driven decisions. By adding context to threat information, security analysts can respond more quickly and accurately.
Practical applications and examples
Take, for example, the pandemic in 2020, which caused a massive shift to remote work. Many companies still relying on traditional security models suddenly faced new vulnerabilities. In this situation, Zero Trust provided a robust solution. By treating every user as a potential threat, companies were able to protect their systems even while their staff worked from home.
And then there’s AI. In the fight against cybercrime, AI has proven itself indispensable. Imagine a suspicious email landing in your inbox. Traditional filters might miss it, but an AI system, trained on millions of examples of phishing attempts, recognizes the patterns and blocks the email before it can cause any harm.
In short…
The combination of Zero Trust and AI provides companies today with a powerful way to protect themselves against the ever-increasing threats in the digital world. It’s not just about strengthening defenses; it’s about rethinking how we approach security in an era where the boundaries between physical and digital worlds are becoming increasingly blurred. Companies that embrace these technologies will not only be better protected but also better positioned to take advantage of future opportunities.
Key takeaways from the 2024 Threat Hunting Report
Posted on: 19 September 2024
“As a Cyber Security Specialist at OpenSight, I deal with the complex world of cybersecurity daily, where we are engaged in a race with criminals and state actors. As a Cyber Security Specialist, you know that you’ve chosen a profession where continuous learning and development are a must, as your adversaries are also constantly evolving. We often review reports from key players in this field. Recently, I reviewed the CrowdStrike 2024 Threat Hunting Report, and I’d like to share some of my findings and advice with you. This report not only provides insights into the latest trends in cyber threats but also emphasizes the need for a proactive approach to effectively combat these threats. Let’s dive deeper into what this means for you and your organization.”
The cunning of modern attackers
“What stood out to me most while reading this report is the constant evolution of attackers. Cybercriminals’ tactics are becoming increasingly sophisticated and dynamic. Where they once relied on simple, automated attacks, we now see a significant rise in so-called ‘interactive intrusions.’ These are attacks where the attacker is actively sitting behind the keyboard in real time, ready to bypass security measures as they appear.”
“This has significant implications for how we protect our networks. The speed and cunning with which these attackers operate make it essential not only to rely on automated security measures but also to have well-trained personnel capable of detecting and countering these advanced attacks. CrowdStrike’s report highlights the importance of speed in detection and response, which perfectly aligns with my own experiences.”
Cross-Domain Threats: An Increase in Complexity
“Another key insight from the report is the growing threat of cross-domain attacks. These are attacks where various parts of the IT infrastructure are targeted simultaneously, such as identity systems, endpoints, and cloud environments. What makes these attacks particularly dangerous is that they are often difficult to detect because the activities are spread across multiple domains, making them appear less suspicious when considered individually.”
“The challenge here is to see these activities in context and understand how they are related. This requires not only advanced technology, such as CrowdStrike’s AI-driven solutions, but also an in-depth knowledge of the various IT domains and how attackers can exploit them.”

Insider threats: the invisible danger
“The report also sheds light on one of the most insidious threats we face: insider threats. These are threats originating from within the organization, often from employees who, whether intentionally or unintentionally, engage in harmful activities. What I found particularly concerning is the example of FAMOUS CHOLLIMA, a group of attackers who managed to enroll as employees at over 100 companies in the US, gaining access to sensitive information from within.”
“These insiders used their access to install Remote Monitoring and Management (RMM) tools, allowing them to operate remotely and conduct their malicious activities without immediate detection. This highlights the need for stringent access control and continuous monitoring of user activity, even within the organization.”
The solutions: proactive threat hunting and AI
“In my opinion, the key to securing organizations against these complex threats is a combination of proactive threat hunting and the use of AI. As the report indicates, the time an attacker needs to move laterally within a network (the so-called ‘breakout time’) is often just a few minutes. This means there is no time to waste in detecting and responding to an attack.”
“AI can play a crucial role here by analyzing vast amounts of data in real-time and identifying patterns indicative of a threat. CrowdStrike’s Falcon platform is an excellent example of how AI can be used not only to detect attacks but also to automatically respond and prevent further damage. This kind of technology is indispensable in the fight against modern cyber threats.”
My advice for businesses
Based on the findings in the report and my own field experiences, here are some recommendations I would like to offer to businesses looking to enhance their security:
- Keep learning and adapting: The world of cybersecurity is constantly changing. Stay informed about the latest trends and techniques, and ensure that your security strategy aligns with them.
- Invest in proactive threat hunting: Don’t wait for an attack to occur before taking action. Ensure that you have a team constantly searching for potential threats, both inside and outside the network.
- Utilize AI and Machine Learning: Traditional security systems often fall short when it comes to detecting today’s complex attacks. Invest in AI-driven solutions that can recognize patterns and respond quickly to suspicious activities.
- Manage access strictly: Insider threats are a serious danger. Ensure you have strict access controls in place and continuously monitor who has access to which systems and data.
- Monitor cloud environments closely: With the shift to cloud computing, it is essential to have a clear view of what is happening in your cloud environments. Attackers are increasingly targeting these areas, so make sure your cloud security is robust.
In short…
“The CrowdStrike 2024 Threat Hunting Report provides valuable insights into the modern threat landscape and confirms much of what we already know: threats are becoming more complex, attacks more sophisticated, and response times shorter. As a Cyber Security Specialist, it is clear to me that the future of security lies in a proactive, intelligence-based approach, supported by the power of AI. By combining these approaches, we can ensure that our organizations are not only protected against today’s threats but also prepared for the challenges of tomorrow.”
“Let’s work together towards a safer digital future!”
“Do you have questions or want to learn more about how to better secure your organization? Feel free to reach out via my LinkedIn profile!”
~ Marcel Krommenhoek
Is this normal behavior and does it happen more often?
Posted on: 12 March 2024
By designing systems with attention to detection, investigation and response to incidents, an organisation can respond more quickly and decisively. To do this, you need robust logging and security monitoring. It increases visibility and ensures that the chances of something happening out of sight remain low.
For effective detection and investigation of incidents, it is crucial to have a security monitoring strategy in place. This means active analysis of logs and other data sources to identify patterns or behaviors that may indicate a security incident. By monitoring systems in this way, potential threats can be recognized and responded to quickly, minimizing the impact of security incidents.
In addition to monitoring, it is essential to have incident response procedures in place. This includes defining roles and responsibilities, setting up communication channels and creating a plan. This allows an organisation to manage security incidents and gives clear direction to everyone involved in handling the incident. These procedures allow a quick response to incidents and minimize the impact on systems and the organization.
The importance of cyber security logging and monitoring
- Improved visibility: High-quality logging provides an overview of system activity and usage, enabling a better understanding of how systems are utilized and identifying potential security risks.
- Early detection of threats: Monitoring allows proactive analysis of logs and other data sources to detect patterns or behaviors that may indicate a security risk. This makes it possible to detect and respond to incidents before they escalate.
- Extra layer of protection: Security monitoring adds an extra layer of protection to systems and acts as an early warning system for potential security incidents. It also helps in staying ahead of constantly changing threats.
- Effective incident response: By actively monitoring systems via logging, early signs of intrusion can be responded to quickly, before they can cause significant damage.
Targeted logging and monitoring in security strategies
- Understand the objectives: It is crucial to understand the objectives when implementing logging and monitoring. Consider the context of the system, existing threats and available resources so that appropriate monitoring levels can be determined.
- Adapt the monitoring strategy: Tailor monitoring strategies to the specific needs of the organisation. Frequent cyber attacks may require investment in sophisticated SOC services, while organizations with limited resources may simply collect logs in case of a data breach or leak.
- Responding to incidents: Regardless of the monitoring level chosen, the capacity to respond to incidents should be a top priority. Collecting logs and other crucial data during an incident is essential for effective response.
- Proactive and vigilant: The key word for successful logging and monitoring is to be proactive and vigilant. By reviewing and adapting practices regularly, organizations can anticipate emerging threats and respond quickly to security incidents.
Effective practices for log management in incident response
- Quick access: Know where logs are stored and make sure the appropriate access rights are in place, so that relevant log data can be searched quickly during an incident.
- Storage policy: Ensure logs are kept long enough to answer questions that arise during an incident. The retention period may vary by source, taking into account factors such as storage costs and the availability of different data types.
- Frequency: By checking your log systems frequently, you can rely on the necessary data being captured in your logs.
- Protection: Protecting logs from tampering is crucial to ensure accurate recording of events. Implement measures to prevent unauthorized access and changes to maintain reliable logs.
Improving security incident detection and response via integration of previous incident insights into logging and monitoring solutions
Integrating insights from previous incidents into logging and monitoring solutions is crucial to identify gaps in the strategy. This improves the ability of systems to detect and respond to security incidents. Analysis of previous incidents provides valuable information on attack patterns and tactics, which can be used to refine monitoring and response capabilities. Incorporating these insights into monitoring solutions strengthens overall security and minimizes the impact of future incidents.
The OpenSight 10 new year’s cyber security resolutions
During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:
- The company’s digital assets.
- Are my colleagues engaged and aware of cyber security?
- Are our company assets under control?
- Architecture focused on security and the business.
- How to keep vulnerability management in order?
- Who’s that? And what is he doing here?
- How do we protect digital assets?
- Is this normal behavior and does it happen more often?
- Preparation is key!
- Is there a weak link in my supply chain?
With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.
Want to know more?
Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!
Are my colleagues engaged and aware of cyber security?
Posted on: 29 January 2024
Joint engagement and training efforts are the first line of defense against cyber threats for organizations. Educating employees on the latest threats and best practices can reduce the risk of cyber attacks while minimizing potential incidents.
An effective cyber security strategy places people at the center, with security measures developed collaboratively to meet the practical needs of the organization. Fostering a positive cyber security culture, where employees are active participants and their input is valued, ensures the prevention and detection of security incidents.
By providing staff with the necessary skills and knowledge through awareness programs, engagement and training, an organization demonstrates commitment to the well-being of its employees and emphasizes their value to the organization. This not only protects the company, but also strengthens employee loyalty and increases the overall value of the organization.
Why are engagement and training crucial in cyber security?
Engagement:
Engagement in cyber security includes creating awareness among employees and users about their role in cyber security, the associated risks and threats, and the steps they can take to protect both themselves and the organization. Fostering a cyber security culture encourages employees to be more observant and cautious when handling sensitive data and using technology.
Training:
Cyber security training is essential to equip employees with the knowledge and skills needed to recognise, prevent and respond to cyber threats. It helps employees understand best practices for securing their devices, passwords and online activities, as well as how to respond to incidents such as data breaches or cyber attacks.
The benefits of engagement and training in cyber security are manifold
- Improves awareness of cyber security: Regular training increases employees’ awareness of cyber security risks and threats, enabling them to prevent or report suspicious activity. This results in alert employees and thus better security.
- Less risk of cyber attacks: Engaged and trained employees reduce the likelihood of cyber attacks through faster recognition and reporting of security incidents. Implementation of best practices, such as strong passwords and two-factor authentication, helps reduce the risk of successful attacks.
- Improved incident response: Well-trained employees respond more effectively to cyber security incidents, reducing impact and shortening recovery time. Working together to prevent recurrence improves overall response and recovery from incidents.
- Early detection of security incidents: Employees who feel safe to report problems can detect incidents early, minimizing the impact and preventing escalation.
- Improved organizational effectiveness: A safe environment encourages openness, which leads to better decision-making and innovation, thus improving the overall effectiveness and competitiveness of the organization.
- Increased trust and loyalty: An environment where employees feel valued results in increased trust and loyalty. This contributes to job satisfaction, higher productivity and less employee turnover.
In short, creating a secure and open work environment, where employees can report incidents and come up with new ideas, promotes early detection of security incidents, improved organizational effectiveness and increased trust and loyalty to the organization. This helps achieve the goals of engagement and training in cyber security.
Strategies for engagement and training in cyber security can increase success of initiatives
Here are some key strategies:
- Alignment with different learning styles: Offer training and engagement activities that fit various learning styles. Use various methods such as hands-on activities, visual aids and interactive discussions to meet the needs of all employees.
- Encourage interactivity: Make training sessions interactive to encourage participation and engagement. Use group activities, scenario-based exercises and quizzes to make the learning experience engaging and participatory.
- Promote continuous learning: Given the constant evolution of cyber threats, it is essential to provide continuous learning opportunities. Make sure employees stay informed of the latest threats and best practices such as AI.
- Use of realistic scenarios: Make training more relevant by using real-life scenarios. This helps employees understand how cyber attacks can affect their work and the organization, increasing their motivation to take cyber security seriously.
- Encourage accountability: Hold employees accountable by setting clear expectations and evaluating their progress regularly. Assess the effectiveness of training and engagement initiatives and provide constructive feedback to employees.
- Role of executives in cyber security: To promote a strong cyber security culture within an organization, it is vital to emphasize the role of senior leaders. These leaders serve as role models through their behavior. When senior leaders prioritize compliance with security policies and processes without exceptions for themselves, it is made clear that cyber security is a top priority. As role models for the organization, they help establish a culture of responsibility and commitment to cyber security.
- Taking sufficient time for the visible effects of awareness campaigns: Give awareness campaigns time to have impact. Analyze not only immediate results, but also appreciate the long-term effects.
Standing strong together
Organizations can effectively address cyber threats by engaging and training employees. Raising awareness about recent threats and best practices reduces the risk of cyber attacks and minimizes damage. A positive cyber security culture, combined with training, leads to improved awareness, reduced risk, improved response and early detection. Strategies include diverse learning methods, interactivity and continuous education. Leaders play a crucial role as role models. It is important to allow sufficient time for visible effects of awareness campaigns and align messages with staff and organization. A safe working environment contributes to the success of engagement and training in cyber security.
What is a ransomware attack?
Posted on: 27 December 2023
A large proportion of working people have been working from home for the past two years. This means a large part of business conversations and activities took place online. While this way of working had positive effects, it also opened the door to data leaks and cybercrime. In this article we’ll tell you everything about ransomware: what it is, how it works and what you can do against it.
What is malware?
Malware is an umbrella term for software like viruses, spyware, and Trojan horses. Malware usually ends up on a computer or network when employees click on a link or document that contains this software. Because many organizations’ work traffic has been from home in recent years, we are seeing an increase in malware attacks.
What is ransomware?
Ransomware is a form of malware. This form of malware ensures that people within the organization can no longer access important documents or processes that are essential to keep the organization running. Often a large ransom is demanded from the organization to regain access, hence the name. Here are some more types of ransomware that hackers can use:
- Screen locker ransomware: A form of ransomware that blocks the access to your screen.
- PIN locker ransomware: This one changes the pin code of your device, so you can no longer log in.
- Disk coding ransomware: This form of ransomware encrypts the Master Boot Record and other (file) system structures. As a result, you no longer have access to the operating system.
- Crypto ransomware: This is a pesky type of ransomware because it encrypts all user files on the disk.

What to do when a ransomware attack occurs?
Ransomware attacks have also been on the rise in 2022. According to research by cybersecurity expert Acronis, global damage from ransomware is estimated to exceed $30 billion by 2023. If you must deal with a ransomware attack yourself, take the following steps:
- The first rule in case of a ransomware attack is to never pay ransom. This will only add fuel to the fire. Cybercriminals will see you as an easy target and will have extra reason to carry out more attacks. Remember: these hackers are criminals! You have no guarantee that they will hold up their end of the bargain.
- Is only one computer or device within the corporate network affected by a ransomware attack? Isolate this device immediately! You can do this by disconnecting the network connection.
- Encrypted files can be ‘decrypted’ with recovery programs, also known as decryptors. No decryptor available? In that case backups are the only way to get files back. Make sure you regularly make backups of your documents.
- When a ransomware attack only encrypts specific files involving personal data, then it is officially seen as a data breach. You have to report this to the Data Protection Authority within 72 hours.
- We’ve mentioned it quite a lot, but it can’t be repeated too often: Make sure that existing software, applications, and devices are always up to date. That also means the operating system!
How to protect your organization from ransomware?
Unfortunately, it’s impossible to completely rule out a ransomware attack. The right security software and security measures, however, go a long way. The most important factor in surviving a ransomware attack is timing. The earlier you intervene, the better. The above tips help detect and combat an attack early. We’d like to emphasise it once more: regular backups will significantly reduce the impact of a ransomware attack!
Want to know more about the impact of ransomware attacks on your company or how you can better protect important data against cybercriminals? Please contact one of our experts. We are happy to help!
What is a DDoS attack?
Posted on: 27 December 2023
What is a DDoS attack? Perhaps one of the most asked cyber security related questions of the year. To get straight to the point: DDoS is shorthand for ‘Distributed Denial of Service’. This is an attack hackers use to temporarily take systems or applications offline. In this article we’ll take a deep dive into the world of DDoS attacks and tell you exactly how to protect your organization against such an attack.
What is a DDoS attack?
When a large amount of traffic is sent to a network or server, it hinders its operation. In the worst case the network or server stops working altogether. This is why the term ‘Distributed Denial of Service’ is used: a network or server is unable to deliver services. That’s exactly what the perpetrator wants. Unfortunately, an online DDoS attack can be staged by anyone, whether to outsmart a competitor, to prevent access to specific data or information, or simply to harass someone out of revenge. When professional cyber criminals perform a DDoS attack, it’s usually with the goal of getting money. DDoS ‘attacks’ can also be caused when too many people try to access a website at the same time. This often happens with concert tickets and limited offers. This does not necessarily qualify as an attack but can have the same effect.

How long can a DDoS attack last?
Although the intention behind a DDoS attack isn’t always malicious, the impact of such an attack is. The duration of a DDoS attack determines the actual (financial) costs. According to the cybersecurity expert Kaspersky, the average duration of a DDoS attack in 2021 was about 30 minutes. Doesn’t seem so shocking, right? Well, the bad news is that DDoS attacks are lasting longer and getting more and more complex. The average DDoS attack in 2022 already lasted a hundred times longer than in 2021! This means a DDoS attack can affect your company or organization from 30 minutes up to several days.
What to do against a DDoS attack?
We have some good news and some bad news. Let’s start with the bad news: A DDoS attack cannot be prevented. This means an attack can always take place. The good news? The effect of a DDoS attack can be significantly reduced. Below are some tips to reduce the effects of a DDoS attack:
- What are the crucial parts of your organization? Find out where the weaknesses in your organization lie. For example: what happens with the orders and communication done via the website when said website is down?
- Are you responsible for the availability of your services, or is that the supplier’s responsibility? Check the SLA agreements that are made with the IT supplier.
- Does your organization already work with protection software like an anti-DDoS solution or firewall? Currently there are a lot of service providers that can supply you with safe software to protect yourself against the impact of DDoS attacks.
The tips above are just a few examples that showcase how you can protect your organization against DDoS attacks. There are countless other measures you can take. Take a look at our tips to protect your business. Want to know more? Contact one of the OpenSight experts.
The consequences of a cyberattack? A fatal blow for many organizations
Posted on: 20 December 2023
More and more large organizations and companies are making the news after falling victim to data breaches, ransomware or cyberattacks. The Dutch Data Protection Authority reported an explosive increase in data breach reports in 2021: a doubling compared with the previous year, to be exact. The number of ransomware attacks also increased by 33% in 2021, according to the annual report of the Public Prosecution Service. A cyberattack has become a serious threat that every organization, regardless of size, must watch out for. We see a large part of the working population (in the Netherlands) falling behind. Entrepreneurs and employees are only partially aware of the consequences of a cyberattack for their company. It’s important for organizations to learn more and take responsibility for the processing and storage of their data. CIO Marcel Krommenhoek talks about the risks of a cyberattack.
What exactly is a cyber attack?
A cyberattack refers to destroying, changing, or gaining access to (personal) data of an organization, without the permission of the organization. For example:
- Your USB stick with (personal) information of customers on it gets stolen;
- A hacker breaks into your computer network and steals (personal) information;
- Any type of ransomware.
Hackers that break into the network of an organization and acquire sensitive data are more common than often thought. To make matters worse, according to research from Cisco, about 60% of cyberattack victims go bankrupt within 3 years after the attack. How is that possible?
“Almost all organizations depend on digital data, so it has a huge impact if this data leaks or gets damaged,” Marcel explains. “We often see that a cyberattack has a long-term impact on business operations. This can result in direct operational loss, damage claims due to non-compliance with obligations or serious reputational damage. There are also considerable recovery costs and investments involved in a cyberattack so that the weak spots in the security can be closed. The combination of these matters puts the survival of the organization at risk.”
According to Marcel, it’s not solely the cyberattack that causes bankruptcy. It’s the road to recovery and the associated costs that kill these companies. In the field of cybersecurity, it’s better to be safe than sorry.

The consequences of a cyberattack
It’s evident that the consequences of a cyberattack have a major impact. Identity theft due to a cyberattack is no joke, nor are the loss of sales or reputational damage. A few things that influence the impact of a cyberattack:
- How quickly you can recover: If the organization has its procedures in order and can recover quickly from an attack, this significantly reduces the impact. A temporary (short) disruption can often be managed well.
- Special features of the organization: By way of illustration, the risks of a cyberattack on a hospital will be greater than those of a data breach involving a newspaper mailing list.
- Duration of the attack: Sometimes a hacker has been inside for days or weeks. If this is not detected, the damage can be very targeted and even recovery options can be compromised.
Cybersecurity 2023 – What do we have to protect?
With the increasing number of cyberattacks and organizations falling victim to them, the question is not ‘if’, but ‘when’, especially when organizations don’t improve their IT security. Even though cybersecurity experts are constantly warning about this growing threat, action is often lacking. Why is this? Cybersecurity continues to be a difficult subject for organizations.
According to Marcel: “This has several causes that reinforce each other. First, we see that IT budgets are under pressure and the focus is on optimizing the primary processes. Less attention is paid to the security of the organization. On top of that, many security measures have an impact on day-to-day work, as security and efficiency are at odds. Finally, we also see a role for suppliers of security solutions. It happens all too often that only technology is pushed, while security starts with people. It starts by creating awareness about the risks and consequences. You want to have a clear insight into which data is most important and you want to ensure that it is precisely that data that is best protected.”
Mind the gap – about closing the gap between cybersecurity and business
When we talk about making organizations more secure, we should mainly focus on closing the gap between IT and business, especially in the coming years. According to Marcel, this starts with raising awareness among staff. Communication from IT and cyber experts can help with this. What many people don’t sufficiently realize is that the main goal of these cyber experts is to keep the business functioning undisturbed. That’s why these experts are also of great importance to the business side of the organization. If you use that in your communication and make cybersecurity a common goal, new opportunities will present themselves!
Would you like to talk about the various options to better secure your organization? Contact one of our experts.
Avoid falling victim to any of these cybersecurity risks 2022
Posted on: 13 December 2023
Cybercrime is an increasing concern for organizations everywhere. A large part of the working population has worked from home in the past two years and is continuing to do so. Because of this, many business conversations and activities have taken and are taking place online. This opens a window for data breaches, leaking of sensitive data or worse: cybercrime. In this article you can read about the most common cybersecurity risks for organizations and how these risks can be minimized or even avoided.
Malware
Malware is an umbrella term for software like viruses, spyware, and Trojan horses. Malware usually ends up on a computer or network when employees click on a link or open a document that contains this software. Because so much of the work at many organizations has been done from home in recent years, we have seen an increase in malware attacks. The name malware comes from the two words “malicious” and “software”.

Ransomware
Ransomware is a nasty form of malware. It ensures that people within the organization can no longer access important documents or processes that are essential to keep the organization running. Often a large ransom is demanded from the organization to regain access. That’s where the name ransomware comes from.
Phishing
Phishing is probably the most common form of cybercrime now. Both privately and professionally, we see that more and more people are falling victim to the psychological game that hackers play during a phishing attack. They often pose as a well-known supplier or company and then ask for important details. Remote working has given a boost to the increase of phishing.
Password hacks
Password hacks are a little different in nature. These attacks use intelligent programs that can guess weak passwords. A different method of gaining access to employees' passwords is keylogging. Here, keystrokes on a computer are recorded without permission. Employees who use the same password to access multiple platforms are at higher risk of getting hacked.
Tips to prevent a cyber attack
As an organization, there are multiple things you can do to help prevent a cyberattack. Below are a few tips:
Make staff aware of the risks
One of the easiest but most important things you can do is to make all employees aware of the security risks when they handle sensitive data or log on to sensitive systems. Train employees and teach them the basic principles of cybersecurity. This includes creating strong passwords, raising awareness about various phishing techniques, and keeping important security software up to date.
Use safety tools
There are many different tools and programs that can help organizations improve their security. Two-step verification is an easy-to-implement tool that helps prevent hackers from gaining access to the system. It’s also advisable to use a firewall to keep snoopers out. Another simple tip: make sure the computers used by employees are always up to date. There are plenty of tools, so use them!
Invest in a cybersecurity expert
Our last tip: hire a cybersecurity expert. These experts can train employees, review the cybersecurity protocols and, where necessary, help think through the digital transformation of an organization. After all, a well-thought-out plan is the basis for rock-solid security.